Terms of Service

Effective date: 21 April 2026

The previous version was effective from 29 March 2026.

1. Agreement

By accessing or using Scimify or Challenge (the "Services"), you agree to these Terms of Service ("Terms") between you and Veraproof Pty Ltd ("Veraproof", "we", or "us").

If you are entering into this agreement on behalf of an organisation, you represent that you have authority to bind that organisation.

2. Services Description

  • Scimify: Provides SCIM provisioning functionality for applications without native SCIM support.
  • Challenge: Provides identity verification workflows designed to prevent impersonation and deepfake attacks.

Both are delivered as hosted SaaS applications with APIs and management portals.

3. Accounts and Access

  • Customers authenticate via Slack, GitHub, or Google login or OIDC SSO integration with their IdP.
  • You are responsible for managing authorised users and access permissions.
  • Veraproof does not store or manage user passwords.
  • You must notify us immediately if you suspect unauthorised access to your account.

4. Subscriptions, Billing, and Cancellations

Some customers subscribe directly through our websites using self-service checkout (self-service). Others contract on written terms such as an order form and pay by invoice (enterprise invoice arrangements, section 4(d)). Sections 4(a) and 4(b) describe how self-service plans typically work; if you have an enterprise invoice arrangement, fees, quantities, billing frequency, and service specifics stated in your order form (or similar) prevail where they differ from 4(a) or 4(b). Section 4(c) applies to everyone; section 4(d) applies only to enterprise invoice arrangements.

a. Scimify (self-service)

  • Subscription pricing is based on user license packs of 50 users.
  • Each plan has soft usage limits - if you exceed your licensed quantity, Veraproof will notify you and automatically adjust your subscription to the next pack on your next billing cycle.
  • Customers may manage billing details, upgrades, and downgrades via the Stripe customer portal.
  • When upgrading or changing quantities, credits for unused time in the current period are automatically applied.
  • Downgrades take effect at the end of the current billing period.

b. Challenge (self-service)

  • Challenge uses metered usage with graduated pricing tiers (Starter, Growth, Scale, Unlimited).
  • Each tier includes a flat monthly fee covering a base number of challenges.
  • Overage charges apply per challenge beyond the included amount in your tier.
  • When you exceed your tier's included challenges, the service continues to function and you will be charged overage fees for each additional challenge created.
  • Overage charges are calculated and billed at the end of each billing period.
  • Pricing tier changes must be processed manually via support (see Upgrading Challenge Pricing Tiers).
  • The Unlimited tier includes a fair use policy of 20,000 challenges per month.

c. General Billing Terms

  • Unless otherwise stated, fees and prices are exclusive of taxes (including GST, VAT, sales tax, and similar). You are responsible for any taxes imposed on the supply of the Services to you, except taxes based on Veraproof's net income. If Veraproof is required to collect or remit taxes, those taxes will be added to your invoice or charged at checkout as applicable.
  • For self-service subscriptions, billing is processed via Stripe in AUD or USD. If you cancel a self-service subscription, cancellation takes effect immediately and access to the Services ends, subject to Stripe's handling of any current billing period.
  • For enterprise invoice arrangements, billing, payment, renewal, and how access ends are governed by section 4(d) and your order form.

d. Enterprise and invoice billing

This section applies where Veraproof has agreed that you will pay by invoice (an enterprise invoice arrangement), including any order form, statement of work, or written confirmation that references these Terms. If anything in this section conflicts with an express written agreement signed by both parties, the signed agreement prevails.

  • Unless otherwise stated on the invoice or in your order form, amounts are payable net 30 - that is, within thirty (30) days of the invoice date.
  • You may pay invoices by Stripe (for example using a payment link or other instructions on the invoice) or by direct bank deposit (bank EFT). Bank account details, currency, and any payment reference appear on the invoice or are provided by Veraproof on request.
  • If your actual usage exceeds the subscription quantities or limits in your order form (for example licensed users or seats for Scimify, or challenges or tier limits for Challenge, as applicable), Veraproof may invoice you for the excess usage (true-up) at the rates in your order form or, where not stated there, at Veraproof's then-current standard rates for the relevant Service. True-up amounts are payable on the same terms as other invoices under this section unless your order form says otherwise.
  • Unless otherwise agreed in writing, your subscription renews automatically at the end of each subscription term for successive terms of the same length (or as otherwise stated in your order form or invoice).
  • To opt out of renewal and end the Services at the end of the current subscription term, you must give Veraproof written notice at least sixty (60) days before the last day of that term. If you do not give notice in time, the subscription renews for the next term and you will be invoiced accordingly.
  • Notice of non-renewal should be sent to [email protected] (or as directed in your order form).
  • If an amount due under an invoice is not received by the due date, Veraproof may suspend or limit access to the Services (or any part of them) until all overdue amounts and applicable late charges are paid in full. Veraproof will use reasonable efforts to notify you before suspension where practicable.
  • Overdue amounts may incur a late payment charge of 1.5% per month (or, if lower, the maximum rate permitted by applicable law), calculated on the outstanding balance from the due date until payment in full. Veraproof may also recover reasonable costs of collection (such as legal fees on a solicitor-and-client basis) where permitted by law.

5. Customer Data and Privacy

  • Veraproof processes limited user profile and integration data as described in our Privacy Policy.
  • You retain all rights to your data. The roles of Veraproof as processor (for example when we process provisioning and verification data you supply through the Services) and as controller for certain data (for example some account or relationship information) are described in the Privacy Policy (including section 4).
  • You are responsible for ensuring that you have appropriate consent and authority to share user data with us.
  • By using the Services, you acknowledge that you have access to the Privacy Policy. Processing is described there with applicable legal bases (including performance of contract and legitimate interests). Where EU or UK law requires consent for specific processing (for example optional marketing), that consent is obtained or managed as described in the Privacy Policy and is not the same as accepting these Terms alone.

6. Processing of personal data (Article 28 GDPR and UK GDPR)

This section applies where you (including the organisation you represent) act as a controller of personal data and Veraproof processes that personal data on your behalf as a processor in connection with the Services, and the EU General Data Protection Regulation (Regulation 2016/679) (GDPR) or the retained UK version of the GDPR as defined in the UK Data Protection Act 2018 (UK GDPR) applies to that processing. It does not limit obligations in the Privacy Policy, which forms part of the overall understanding between the parties.

6.1 Details of processing

The subject matter of processing is the provision of Scimify and Challenge. Processing continues for the term of your subscription or use of the Services and for winding down as described in the Privacy Policy. The nature and purposes of processing, categories of personal data, and categories of data subjects are those described in the Privacy Policy and depend on how you configure and use the Services (including integrations and APIs).

6.2 Your instructions

You instruct Veraproof to process personal data only to provide the Services in accordance with these Terms, the Privacy Policy, and your configuration and use of the Services. You may provide additional documented instructions that are consistent with the Services; Veraproof will comply where legally required and commercially reasonable. If Veraproof believes an instruction infringes applicable law, we will inform you.

6.3 Veraproof obligations

Veraproof will:

  • process personal data only on documented instructions from you as described in section 6.2, unless applicable law requires otherwise (in which case we will inform you unless prohibited by law);
  • ensure that persons authorised to process personal data are subject to appropriate confidentiality obligations;
  • implement appropriate technical and organisational measures as described in the Privacy Policy and on our Trust & Security page, having regard to the state of the art, implementation cost, and the nature, scope, and risks of processing;
  • assist you, taking into account the nature of processing, in responding to requests from individuals exercising rights under the GDPR or UK GDPR, where you cannot reasonably fulfil those requests without our assistance;
  • assist you with your obligations regarding security of processing, data protection impact assessments, and prior consultation with supervisory authorities, where applicable and taking into account the nature of processing and information available to us;
  • at the end of the Services relating to processing, at your choice delete or return personal data unless applicable law requires retention;
  • make available information reasonably necessary to demonstrate compliance with Article 28 GDPR (and the UK equivalent) and contribute to audits and inspections reasonably requested by you, subject to reasonable confidentiality and security requirements, on not more than an annual basis except where required by a supervisory authority or these Terms, and with reasonable prior notice.

6.4 Sub-processors

You authorise Veraproof to engage sub-processors as described in the Sub-processors section of the Privacy Policy. Veraproof will impose data protection terms on sub-processors that meet the requirements of Article 28(4) GDPR (and the UK equivalent). We will inform you of changes to sub-processors as set out in the Privacy Policy. If you object to a new sub-processor on reasonable data protection grounds, you may terminate the affected Services in accordance with these Terms.

6.5 Security incidents

Veraproof will notify you without undue delay after becoming aware of a personal data breach affecting personal data we process on your behalf where such notification is required by the GDPR or UK GDPR and the breach is known to us, and will provide information reasonably available to assist you in meeting your own notification obligations.

6.6 International transfers

Where personal data processed under this section is transferred outside the EEA or UK (as applicable), Veraproof will ensure appropriate safeguards as described in the Privacy Policy (including standard contractual clauses and, where applicable, the UK International Data Transfer Addendum).

6.7 Conflict

If there is a conflict between this section 6 and other provisions of these Terms regarding Veraproof’s processing of personal data as a processor under the GDPR or UK GDPR, this section 6 prevails to the extent of the conflict.

7. Security and Compliance

  • Veraproof aligns its security practices with SOC 1 control objectives and industry best practices, and designs and operates controls using themes comparable to widely used frameworks (including SOC 2 and ISO 27001, for example access control, encryption, and logging).
  • Data is encrypted at rest and in transit.
  • Access to systems is restricted and monitored.
  • A high-level description of our security practices is available on our Trust & Security page. Sub-processors and related processing details are described in our Privacy Policy.
  • You agree not to attempt to breach, probe, or otherwise interfere with Veraproof systems or networks.

8. Service Availability and Support

  • Veraproof aims for high availability but does not guarantee uninterrupted service.
  • Scheduled maintenance windows will be communicated in advance.
  • Support is available via [email protected] or via shared Slack channels for customers who opt in.
  • Veraproof is not liable for downtime caused by third-party infrastructure (e.g., AWS, Cloudflare, Slack, Stripe).

9. Acceptable Use

You agree not to:

  • Use the Services for unlawful, fraudulent, or abusive purposes.
  • Resell or sublicense access without written consent.
  • Interfere with or overload Veraproof's infrastructure.
  • Access or reverse engineer the Services beyond permitted API documentation.

10. Intellectual Property

  • Veraproof retains all intellectual property rights in its Services, documentation, and branding.
  • Customers retain ownership of their data.
  • Nothing in these Terms transfers ownership of IP between the parties.

11. Confidentiality

Each party must keep the other's confidential information secure and not disclose it to third parties except as required by law or necessary to perform these Terms.

12. Termination

Either party may terminate this Agreement:

  • Immediately if the other party breaches these Terms and fails to remedy the breach within 14 days of notice.
  • For convenience by cancelling the subscription (effective immediately), except that if you have an enterprise invoice arrangement under section 4(d), ending the Services at the end of a subscription term is by non-renewal notice as described there.

Upon termination, customer data will be deleted in accordance with our Privacy Policy.

13. Disclaimers

  • The Services are provided "as-is" without warranties of any kind.
  • Veraproof does not guarantee error-free operation, specific outcomes, or uninterrupted access.
  • To the fullest extent permitted by law, we disclaim all implied warranties, including merchantability and fitness for purpose.

14. Limitation of Liability

To the maximum extent permitted by law:

  • Veraproof's total liability under any claim related to the Services is limited to the amount paid by the customer in the preceding 12 months.
  • Veraproof is not liable for indirect, consequential, or special damages including loss of data, revenue, or profits.

15. Indemnification

You agree to indemnify and hold Veraproof harmless from any claim arising out of your misuse of the Services, violation of these Terms, or infringement of any third-party rights.

16. Assignment

You may not assign or transfer these Terms or your rights under them without Veraproof's prior written consent. Veraproof may assign or transfer these Terms, in whole or in part - including to an affiliate or in connection with a merger, acquisition, sale of assets, reorganisation, or other change of control - without your consent. The assignee assumes Veraproof's obligations under these Terms, and these Terms remain binding on you. Any attempted assignment by you in violation of this section is void.

17. Governing Law

These Terms are governed by the laws of Victoria, Australia.

Any dispute will be subject to the exclusive jurisdiction of the courts of Victoria.

18. Changes to Terms

Veraproof may update these Terms periodically. The most current version will be available at https://veraproof.io/terms/.

Continued use of the Services after changes constitutes acceptance of the updated Terms.

19. Contact

Veraproof Pty Ltd

Victoria, Australia

Email: [email protected]

Slack: Shared support channel (for participating enterprise customers)